Some Common Mistakes Leading to Privileged Access Misuse

August 30, 2019 | Data Breach, Third Party Threats, Access Control

In the age of digitization, while organizations are busy with digital transformation, cyber crooks take this as an opportunity to look for loopholes in the security of IT infrastructure and exploit them to steal as much information as possible. Administrative IDs and privileged credentials are the most vulnerable of all. Organizations very often put their data at grave risk by allowing multiple users, including third-party service providers, to access privileged and administrative accounts without any kind of monitoring mechanism. This gives cyber crooks ample opportunity to peep into the system and exploit the loopholes.

Here are a few common mistakes that organizations need to ponder over and correct at any cost to protect privileged accounts from malicious actors.

1. Failure to keep track of privileged accounts: Organizations commonly turn a blind eye to the number of privileged accounts that exist within their IT ecosystem. If the administrators do not have specific and clear knowledge of the number of privileged accounts and privileged users in an organization, then they obviously won’t be in a position to monitor and control user activities. Both malicious insiders and organized cyber criminals can take this as an opportunity to obtain unauthorized access to critical systems and breach data. Hence, an itemized list of privileged accounts would definitely help to organize the complex IT setup.

2. Ambiguity over who administers privileged accounts: As discussed in the previous point, keeping track of the privileged accounts will never be sufficient if organizations fail to decide and define who will administer these accounts, including their roles and responsibilities. Again, a person with complete knowledge and supervision skills might not be enough if that person is not dedicated to controlling and monitoring the user accesses happening through the enterprise network.

3. Lack of guidelines on privileged entitlements: Once there is a complete record of the number of privileged accounts along with a dedicated administrator, organizations need to have a complete and definite policy in place that explains how privileged sessions have to take place. Pre-defined privileged entitlements help to maintain a controlled IT environment, as there is always rule- and role-based access to target devices.

4. Absence of multi-factor authentication: Today’s IT environment is very complex. There are multiple IT users spread across different environments such as multiple data centers and IaaS environments. With hundreds of thousands of privileged identities created to administer critical activities, organizations should ensure that a user has access to target devices only after providing multi-factor authentication (biometric authentication, mobile OTP) in addition to credentials.

5. No randomization and frequent change of passwords: Privileged credentials are the keys to organizations’ data assets. Hence, it goes without saying that privileged passwords should be protected at any cost from malefactors. If the passwords are randomized and changed frequently with the help of robust Privileged Access Management (PAM) vaulting, then organizations can strengthen their information security posture.

6. No audit and reporting mechanism: This is a common requirement that is ignored by many organizations. Audit trails and reporting help the administrators immensely to detect any kind of suspicious activity in the IT ecosystem. The reporting mechanism offers comprehensive details of all the user activities that happened in the privileged IT environment. In fact, audit trails help the administrators to take crucial decisions related to audit and enquiry.
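
As an added illustration of points 1 and 5 (not part of the original article), the following Python sketch builds an itemized list of privileged accounts on a Linux host and reports how old each password is. The sample data is constructed, and the privileged group names and the 90-day rotation limit are assumptions.

```python
from datetime import date

# Constructed sample data in /etc/passwd, /etc/group and /etc/shadow layout.
PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
vendor1:x:1001:1001:Third-party support:/home/vendor1:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash"""
GROUP = """sudo:x:27:alice,vendor1
users:x:100:alice,bob"""
SHADOW = """root:$6$CONSTRUCTED:18000:0:99999:7:::
toor:$6$CONSTRUCTED:17000:0:99999:7:::
alice:$6$CONSTRUCTED:18130:0:99999:7:::
vendor1:$6$CONSTRUCTED:17800:0:99999:7:::
bob:$6$CONSTRUCTED:18100:0:99999:7:::"""

PRIV_GROUPS = {"sudo", "wheel"}  # assumption: groups that grant admin rights
MAX_AGE_DAYS = 90                # assumption: rotation policy, not from the article

def rows(text):
    """Yield the colon-separated fields of each non-empty line."""
    return (line.split(":") for line in text.splitlines() if line.strip())

def inventory(passwd, group, shadow, today):
    """Itemize privileged accounts with the reason and the password age."""
    reasons = {}
    for f in rows(passwd):
        if f[2] == "0":                      # any UID 0 account is root-equivalent
            reasons.setdefault(f[0], []).append("uid 0")
    for f in rows(group):
        if f[0] in PRIV_GROUPS:
            for member in filter(None, f[3].split(",")):
                reasons.setdefault(member, []).append("member of " + f[0])
    # Field 3 of a shadow entry is the last password change, in days since 1970-01-01.
    changed = {f[0]: int(f[2]) for f in rows(shadow) if f[2]}
    today_day = (today - date(1970, 1, 1)).days
    report = {}
    for name in sorted(reasons):
        age = today_day - changed[name] if name in changed else None
        report[name] = {"reasons": reasons[name], "password_age_days": age,
                        "stale": age is None or age > MAX_AGE_DAYS}
    return report

if __name__ == "__main__":
    for name, info in inventory(PASSWD, GROUP, SHADOW, date(2019, 8, 30)).items():
        print(name, info)
```

On a real host, sudoers rules and directory-service groups also grant privilege and would need to be added to the inventory.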